This article was previously published under Q300477
This article has been archived. It is offered "as is" and will no longer be updated.
Microsoft Internet Information Server 4.0 and Internet Information Services 5.0 (IIS) include the FrontPage Server Extensions to facilitate the development of Web sites and Web-based applications. The FrontPage Server Extensions include an optional subcomponent for development servers called Visual Studio RAD (Remote Application Deployment). If you install this optional component on a computer during the installation of Microsoft Windows 2000, you receive the following message:
You have chosen to install Visual InterDev RAD Remote Deployment Support. You should do this only on development servers, because RAD lets authors register server components and modify the COM+ settings, affecting the state of the running server. If you install RAD Remote Deployment Support, you should regularly review the permissions settings of your FrontPage webs to ensure that no unwanted authors have obtained authoring privileges.
This subcomponent allows Visual InterDev users to register and unregister programming components on the IIS server. This subcomponent contains an unchecked buffer in a section that processes input information.
Although it is unlikely, an attacker could potentially exploit this vulnerability against any server on which the affected subcomponent is installed, by connecting to a Web session on the server and passing a specially malformed packet to the system.For additional information about the latest service pack for Windows 2000, click the article number below to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
A more detailed explanation and a supported fix are available in the following Microsoft Security Bulletin, MS01-035:
This patch is available in the Windows 2000 Security Rollup Package 1 (SRP1) or individually via the links below. For additional information on SRP1, click the article number below to view the article in the Microsoft Knowledge Base:
311401 Windows 2000 Security Rollup Package 1 (SRP1), January 2002
For additional information about security topics, browse to the following Microsoft TechNet Security Web site: